Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:595747A837BB7BED9CC1BEB55971A566
HistoryFeb 09, 2012 - 12:00 a.m.

Adobe Flash Player MP4 Sequence Parameter Set Processing

2012-02-0900:00:00
SAINT Corporation
www.saintcorporation.com
15

0.894 High

EPSS

Percentile

98.5%

JSON

Added: 02/09/2012
CVE: CVE-2011-2140
BID: 49083
OSVDB: 74439

Background

Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.

Problem

The Adobe Flash Player **Sub_1005B396** function allows command execution when a user opens a specially crafted .swf file. The specific vulnerability is triggered when processing data units in the MP4 Sequence Parameter Set.

Resolution

Upgrade the installed version of Adobe Flash Player as described in Adobe Security Bulletin APSB11-21.

References

<http://www.adobe.com/support/security/bulletins/apsb11-21.html&gt;
<http://www.abysssec.com/blog/2012/01/31/exploiting-cve-2011-2140-another-flash-player-vulnerability/&gt;

Limitations

This exploit was tested against Adobe Systems Flash Player 10.3.181.34 on Microsoft Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The target host must have JRE 1.6.x installed.

The user must open the exploit page using Internet Explorer 7, 8, or 9.

Platforms

Windows

Related

checkpoint_advisories 1
saint 3
metasploit 1
seebug 2
packetstorm 2
securityvulns 2
zdi 1
exploitpack 1
exploitdb 2
prion 4
ubuntucve 4
cve 4
threatpost 1
nessus 17
suse 3
openvas 12
freebsd 1
redhat 2
gentoo 2
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player External MP4 Buffer Overflow (APSB11-21; CVE-2011-2140)
2011-08-16 00:00:00
saint
saint
Adobe Flash Player MP4 Sequence Parameter Set Processing
2012-02-09 00:00:00
Adobe Flash Player MP4 Sequence Parameter Set Processing
2012-02-09 00:00:00
Adobe Flash Player MP4 Sequence Parameter Set Processing
2012-02-09 00:00:00
metasploit
metasploit
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
2012-02-21 01:40:50
seebug
seebug
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
2014-07-01 00:00:00
Adobe Flash Player MP4 SequenceParameterSetNALUnit Remote Code Execution Exploit
2012-02-01 00:00:00
packetstorm
packetstorm
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
2012-02-10 00:00:00
Adobe Flash Player Code Execution
2012-01-31 00:00:00
securityvulns
securityvulns
ZDI-11-276: Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability
2011-08-27 00:00:00
Adobe Flash Player multiple security vulnerabilities
2011-08-27 00:00:00
zdi
zdi
Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability
2011-08-23 00:00:00
exploitpack
exploitpack
Adobe Flash Player - MP4 SequenceParameterSetNALUnit Remote Code Execution
2012-01-31 00:00:00
exploitdb
exploitdb
Adobe Flash Player - MP4 SequenceParameterSetNALUnit Remote Code Execution
2012-01-31 00:00:00
Adobe Flash Player - MP4 SequenceParameterSetNALUnit Buffer Overflow (Metasploit)
2012-02-10 00:00:00
prion
prion
Memory corruption
2011-08-10 22:55:00
Memory corruption
2011-08-10 22:55:00
Memory corruption
2011-08-10 22:55:00
ubuntucve
ubuntucve
CVE-2011-2425
2011-08-10 00:00:00
CVE-2011-2140
2011-08-10 00:00:00
CVE-2011-2417
2011-08-10 00:00:00
cve
cve
CVE-2011-2425
2011-08-10 22:55:00
CVE-2011-2140
2011-08-10 22:55:00
CVE-2011-2417
2011-08-10 22:55:00
threatpost
threatpost
Sofacy APT28 Gang Using New Backdoors, Zero Days
2015-12-04 07:05:37
nessus
nessus
Adobe AIR < 2.7.1 Multiple Vulnerabilities (APSB11-21)
2011-08-10 00:00:00
SuSE 10 Security Update : flash-player (ZYPP Patch Number 7679)
2011-12-13 00:00:00
FreeBSD : linux-flashplugin -- multiple vulnerabilities (2c12ae0c-c38d-11e0-8eb7-001b2134ef46)
2011-08-11 00:00:00
suse
suse
flash-player (critical)
2011-08-12 05:08:25
remote code execution in flash-player
2011-08-11 15:39:03
Security update for flash-player (critical)
2011-08-12 04:08:20
openvas
openvas
FreeBSD Ports: linux-flashplugin
2011-09-21 00:00:00
FreeBSD Ports: linux-flashplugin
2011-09-21 00:00:00
Adobe Air and Flash Player Multiple Vulnerabilities - Mac OS X
2011-08-31 00:00:00
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2011-05-13 00:00:00
redhat
redhat
(RHSA-2011:1144) Critical: flash-plugin security update
2011-08-10 00:00:00
(RHSA-2011:1434) Critical: acroread security update
2011-11-08 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2011-10-13 00:00:00
Adobe Reader: Multiple vulnerabilities
2012-01-30 00:00:00

0.894 High

EPSS

Percentile

98.5%

JSON
Related for SAINT:595747A837BB7BED9CC1BEB55971A566
checkpoint_advisories1saint3metasploit1seebug2packetstorm2securityvulns2zdi1exploitpack1exploitdb2prion4ubuntucve4cve4threatpost1nessus17suse3openvas12freebsd1redhat2gentoo2